feishuAgentAdd
Pass
Audited by ClawScan on May 10, 2026.
Overview
This skill appears purpose-aligned for adding a Feishu-connected OpenClaw agent, but it will persistently modify OpenClaw configuration and store Feishu app credentials.
Use this skill only when you intentionally want to add a Feishu-connected OpenClaw agent. Review the preview, prefer a dry run for first use, use a dedicated low-privilege Feishu app secret, consider disabling agent-to-agent collaboration if unnecessary, and inspect the generated SOUL.md/BOOTSTRAP.md files after setup.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run, the skill can add a new agent and Feishu binding to your local OpenClaw configuration.
The skill instructs the agent to run a local helper script that applies configuration changes, using --yes after a preview. This is expected for the task but changes local OpenClaw state.
python3 scripts/add_feishu_agent.py ... --json-output ... --yes
Review the preview carefully before allowing execution; use --dry-run first if you want a non-writing preview.
The configured OpenClaw agent will be able to use the provided Feishu app credentials.
The script persists the Feishu App Secret into the OpenClaw Feishu account configuration. This is necessary for the integration but grants access to the Feishu app.
"appSecret": self.request.app_secret
Use a dedicated Feishu app with only the permissions needed, and avoid sharing the resulting OpenClaw config file.
The new agent may be allowed to participate in multi-agent workflows by default.
The skill defaults to enabling agent-to-agent collaboration for the new agent, which may allow cross-agent interactions depending on OpenClaw behavior.
`enable_agent_to_agent` - default: `true`
Disable agent-to-agent collaboration with the documented flag if this Feishu agent should stay isolated.
The generated SOUL.md/BOOTSTRAP.md may become persistent guidance for the new agent.
The skill creates persistent starter instruction files using user-provided agent name and purpose. This is expected, but those files can influence future agent behavior.
You are ${agent_name}. Your main job is: ${purpose}.
Review and edit the generated workspace files after creation, especially if the purpose text came from an untrusted source.
You have less external provenance information for the helper script than with a linked public repository.
The registry metadata does not provide a public source or install specification, while the skill relies on a local Python helper. No malicious install behavior is shown, but provenance is limited.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Install from a trusted registry entry and inspect the local script if you need higher assurance.
